Yahoo webcam problem

which port needs to be open in check point
so user behind the check point can receive the
webcam image through yahoo messenger ?

Ravi

The information contained in, or attached to, this e-mail, may contain
confidential information and is intended solely for the use of the
individual or entity to whom they are addressed and may be subject to legal
privilege. If you have received this e-mail in error you should notify the
sender immediately by reply e-mail, delete the message from your system and
notify your system manager. Please do not copy it for any purpose, or
disclose its contents to any other person. The views or opinions presented
in this e-mail are solely those of the author and do not necessarily
represent those of the company. The recipient should check this e-mail and
any attachments for the presence of viruses. The company accepts no
liability for any damage caused, directly or indirectly, by any virus
transmitted in this email.

For a test to make sure that there are not any other issues. You can open
the Yahoo public server segment to your machine only. Their address ranges
are 216.136.0.0; 216.155.0.0; 66.163.0.0 .....
At first open all ports and set logging. You will want to set this rule
above your general yahoo rule. Using timestamps you can see the traffic
that is generated when you are using the web cam.

Based on this information you can start narrowing down the issue. If it
still doesn't work at this point then it is not the firewall causing the
issue. If it works then you can narrow in on the address ranges by using a
class C (24 bit mask) to narrow the subnets to the video server only
subnets.

Sharma,
Perhaps you are partially correct in stating that I did not understand
your question.
I thought that you were trying to provide access to a webcam hosts over
VPN.
I'm running multiple cameras from within my site now and may have
transferred this assumption to your dilemma.
These are in fact web cameras that have been installed around our
campus, that have a web interface.
The "service" that I was suggesting would be included in the FW rule
base which would include the camera as a host object.
I.E., create a network object for the camera, basically the name and IP
address should suffice.

Then, add it to an encryption domain group near the top of the rule base
which allows VPN access.

Since the camera is inside the network and doesn't have an external
address, it won't have external DNS entries. They'd only be accessible
via the IP address.

You could set up some hosts file entries on the end-user pc or set up a
partial topology in the userc.c file for the vpn clients.

If you're non vpn route (no pun intended):

Because the IPv4 addressing scheme is not able to provide enough IP
addresses, the information technology industry was forced to standardize
NAT and deploy NAT products that share IP addresses and Transmission
Control Protocol (TCP)/User Datagram Protocol (UDP) ports. As a result,
some features-mainly instant voice and video communications-experience
reduced functionality when used in certain Internet scenarios.
When a session initiation protocol (SIP) solution is used, the data may
be sent using TCP, UDP or secure sockets layer (SSL). SIP signaling may
also use dynamic ports, which may require opening the entire range of
ports on a firewall. If a NAT device is placed between SIP clients and
their servers, differences may exist between the ports and addresses
reflected in the SIP messages and the actual ports and addresses.

The actual Real-time Transport Protocol (RTP) streams are sent using
dynamically allocated UDP ports in the range of 5004 - 65535. Without a
way to open these UDP ports on any firewall in the path dynamically, the
streams will fail to reach their destination.

You could of course, configure the firewall to allow incoming traffic on
UDP ports 5004 - 65535.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.